| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. |
| Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. |
| GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. |
| Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. |
| The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. |
| The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. |
| snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. |
| MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. |
| Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. |
| FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. |
| The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. |
| NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. |
| Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. |
| HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. |
| Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. |
